3.1 Structured state read access
3.1 Structured state read access
agent has read access to the project's structured state stores: application database, infrastructure-as-code state (Terraform/Pulumi/Cloudflare config), and equivalent backends. Scores *capability and usability*; PII masking and IAM scoping are scored under `PL4-least-privilege` / `PL4-pii-masking`
Levels
Level 0
Agent has no read access
Level 1
Read access to app DB only; infra state remains human-only
Level 2
Read-only across app DB and infra state, queryable via MCP or equivalent
Level 3
Query patterns logged; common queries become saved views; unusual queries flagged for review
Recipes that advance this criterion
No recipes yet.